singring
asked on
Problem with VLAN routing on Cisco 3560X
We have configured three VLANs on a new Catalyst 3560X, but for some reason routing is not working correctly - you can ping some computers while others are unreachable.
Strange thing is that show ip route displays 2 connected networks for each VLAN, for example:
C 10.0.0.1/24 is directly connected, VLAN10
L 10.0.0.1/32 is directly connected, NLAN10
We can ping switch from the connected computer, but can not ping computer from the switch, even if it is on VLAN10.
Any suggestions?
Show us your config, please.
The output you show on line 2 above doesn't look quite right. Have you just re-typed the output and made some character mistakes?
Have you enabled private vlans or something similar?
A config output would help.
ASKER
Hi,
This is our problem - the output in line 2 does not look right. I'm posting output of show running-config, show vlan and show ip route with computer connected to gi0/2 on VLAN10:
QW-Switch#sh run
Building configuration...
Current configuration : 7724 bytes
!
! Last configuration change at 18:17:18 CST-6 Sun Feb 28 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname QW-Switch
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$6Az6$XERvnknlO1CUK6meW0 Ck0/
!
username user password 7 15314D3E167938772921362A
no aaa new-model
clock timezone CST-6 -6 0
clock summer-time time recurring
system mtu routing 1500
no ip source-route
ip routing
!
!
no ip domain-lookup
ip domain-name aaa.com
vtp domain aaa.com
vtp mode transparent
!
!
crypto pki trustpoint TP-self-signed-54201088
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-54201088
revocation-check none
rsakeypair TP-self-signed-54201088
!
!
crypto pki certificate chain TP-self-signed-54201088
certificate self-signed 01
quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
vlan 10
name vlan10
!
vlan 11
name vlan11
!
vlan 12
name vlan12
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
no ip mroute-cache
!
interface GigabitEthernet0/1
description VLAN10
switchport access vlan 10
switchport mode access
speed 1000
duplex full
!
interface GigabitEthernet0/2
description VLAN10
switchport access vlan 10
switchport mode access
speed 1000
duplex full
!
.
.
.
!
interface GigabitEthernet0/23
description VLAN12
switchport access vlan 12
switchport mode access
speed 1000
duplex full
!
interface GigabitEthernet0/24
description VLAN12
switchport access vlan 12
switchport mode access
speed 1000
duplex full
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface Vlan1
no ip address
!
interface Vlan10
description Internal
ip address 10.1.0.5 255.255.255.0
no ip redirects
standby 10 ip 10.1.0.1
standby 10 priority 255
standby 10 preempt
!
interface Vlan11
description Data
ip address 10.1.1.5 255.255.255.0
no ip redirects
standby 11 ip 10.1.1.1
standby 11 priority 255
standby 11 preempt
!
interface Vlan12
description DMZ
ip address 10.1.2.5 255.255.255.0
no ip redirects
standby 12 ip 10.1.2.1
standby 12 priority 255
standby 12 preempt
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.1.0.2
!
ip sla enable reaction-alerts
logging esm config
no cdp run
!
banner motd ^C
Warning Notice:
^C
!
line con 0
exec-timeout 4 0
password 7 08020A7C1B4A164413190F0C
logging synchronous
login
line vty 0 4
exec-timeout 4 0
password 7 08020A7C1B4A164413190F0C
login local
transport input ssh
line vty 5 15
exec-timeout 4 0
password 7 112A5F370541185F0538282C
login local
transport input ssh
!
ntp server 204.70.128.1
ntp server 204.70.57.242
end
QW-Switch#sh vlan
VLAN Name Status Ports
---- -------------------------- ------ --------- -------------------------- -----
1 default active
10 vlan10 active Gi0/1, Gi0/2, Gi0/3, Gi0/4
Gi0/5, Gi0/6, Gi0/7, Gi0/8
11 vlan11 active Gi0/9, Gi0/10, Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16
12 vlan12 active Gi0/17, Gi0/18, Gi0/19, Gi0/20
Gi0/21, Gi0/22, Gi0/23, Gi0/24
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
11 enet 100011 1500 - - - - - 0 0
12 enet 100012 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
-------------------------- ---------- ---------- ---------- ---------- ---------- --
Primary Secondary Type Ports
------- --------- ----------------- -------------------------- ---------- ------
QW-Switch#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.1.0.2 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.1.0.2
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.0.0/24 is directly connected, Vlan10
L 10.1.0.5/32 is directly connected, Vlan10
ASKER
I'm not sure if it was missing ip subnet-zero, or maybe just overheating (we had 90+ degrees temperature in the office over the last few days). Anyway, routing is working perfectly today even if these local routes stay in the routing table.
Thank you for your help.
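Added example (not part of the original thread or any participant's post): IOS 15.x lists a /32 local (L) host route for an interface's own address next to the connected (C) subnet, so the pair the asker saw is expected. The Python sketch below checks that each SVI from the posted running-config has a matching C/L pair in the posted `show ip route` output and reports SVIs with no connected route at all, which on IOS means the interface is not up; the function names are illustrative.

```python
import ipaddress
import re

# Sample input: route lines copied from the "sh ip route" output in the thread.
SHOW_IP_ROUTE = """\
S*    0.0.0.0/0 [1/0] via 10.1.0.2
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.1.0.0/24 is directly connected, Vlan10
L        10.1.0.5/32 is directly connected, Vlan10
"""

# SVI addresses copied from the "sh run" output in the thread.
SVI_CONFIG = {
    "Vlan10": ("10.1.0.5", "255.255.255.0"),
    "Vlan11": ("10.1.1.5", "255.255.255.0"),
    "Vlan12": ("10.1.2.5", "255.255.255.0"),
}

ROUTE_RE = re.compile(
    r"^(C|L)\s+(\d+\.\d+\.\d+\.\d+/\d+) is directly connected, (\S+)$"
)


def parse_connected(text):
    """Return {interface: {"C": network, "L": network}} from show ip route text."""
    routes = {}
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            code, prefix, ifname = m.groups()
            # strict=False tolerates hand-typed prefixes with host bits set.
            net = ipaddress.ip_network(prefix, strict=False)
            routes.setdefault(ifname, {})[code] = net
    return routes


def check_svis(route_text, svis):
    """Classify each SVI as 'ok', 'missing' (no connected route) or 'mismatch'."""
    routes = parse_connected(route_text)
    result = {}
    for ifname, (addr, mask) in svis.items():
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
        host = ipaddress.ip_network(f"{addr}/32")
        entry = routes.get(ifname)
        if entry is None:
            result[ifname] = "missing"   # SVI has no route installed
        elif entry.get("C") == iface.network and entry.get("L") == host:
            result[ifname] = "ok"        # expected C subnet + L host pair
        else:
            result[ifname] = "mismatch"
    return result
```

On the posted output only Vlan10 is present, which matches the asker's note that the one test computer was connected to gi0/2 on VLAN10.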